CVE-2024-7485

The Traffic Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in the 'UserWebStat' AJAX function in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

WordPress Traffic Manager Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Traffic Manager Type Plugin Vulnerable versions = 1.4.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7485 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID be1f24248f2b Credits István Márton Requir...

WordPress Traffic Manager plugin <= 1.4.5 - Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS)

Broken Access Control vulnerability leading to Stored Cross-Site Scripting XSS discovered by Lana Codes Patchstack Alliance in the WordPress Traffic Manager plugin versions = 1.4.5. Solution Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for...